Phil Pennock [Sat, 27 Aug 2011 18:58:44 +0000 (11:58 -0700)]
Raise smtp_cmd_buffer_size to 16384.
Needed to interoperate with SASL commands containing a large
initial-response; in practice, GSSAPI with authorisation data, such as
in a Windows domain.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
exiwhat: Ensure the SIGUSR1 signal handler is safe.
exiwhat sends a SIGUSR1 to all exim processes to make them write
their status to the process log. This is all done in the signal
handler, but the logging code makes a number of calls that are not
signal safe. These can all cause crashes or recursive locking in
libc.
Firstly, obtaining and formatting the timestamp is not safe.
Doing so is unnecessary since exiwhat strips off the timestamp.
This change removes timestamps from the process log.
Secondly, exim closes all the logs after writing the process
log. Closing syslog is not signal safe, and isn't necessary.
We now only close the process log after writing to it.
Thirdly, exim may calculate the process_log_path inside the signal
handler which involves some possibly-unsafe string handling code.
This change calculates the path when reading the configuration.
Fourthly, when exim creates the process log file it might have to
call the unsafe directory_create() though this is unlikely in
practice. After this change exim only calls log_create() in a
subprocess which is safe - it sometimes needs to do so anyway, if
it is running as root and needs to drop privileges.
The new code has no process log handling in log.c which eliminates
some awkward special cases. It uses very simple code to write to
the file in the signal handler, so it is obviously safe by inspection.
Phil Pennock [Thu, 5 May 2011 01:41:58 +0000 (21:41 -0400)]
Fix compile of exim_monitor
The "Compiler masochism compliance" patch changed the log_write()
prototype to use "const char *" instead of "char *"; I don't have X11 on
my main box, so neglected to handle exim_monitor's duplicate definition
of log_write().
Phil Pennock [Tue, 22 Mar 2011 13:37:32 +0000 (09:37 -0400)]
Added dns_use_edns0 main option.
Is int because need a "do not override default" option, but that stops
us from using the bool expansion logic and so we need to explicitly
set numbers. Should try to find a way around that.
Set the default to 0L and |= the one item we default, rather than
setting outright, in the hopes of soon also |= setting another option if
available (SSL_OP_NO_SSLv2).
Phil Pennock [Tue, 22 Mar 2011 09:36:24 +0000 (05:36 -0400)]
Compiler masochism compliance.
Be able to build most of Exim with:
-Werror -Wwrite-strings -Wunused-function -Waddress -Wpointer-sign
-Wformat -Wuninitialized -Winit-self
Skipped a change to auth-spa which I was uncertain of. That is not
the most readable of code.
Temporarily gave up on src/src/pdkim/pdkim.c, as header_name_match()
treats the second param as const or not depending on the third param.
(I hacked the build-*/pdkim/Makefile to continue past this)
Phil Pennock [Tue, 22 Feb 2011 03:17:13 +0000 (22:17 -0500)]
Don't disable quota when maildirsize lost to races.
When maildir_ensure_sizefile() returns -2, we still have size
information, so we can still use that. Don't disable quota. As a
result, do refrain from potentially calling close(-2).
Phil Pennock [Sun, 30 Jan 2011 08:34:31 +0000 (03:34 -0500)]
sudo !tty_tickets; correct config file list.
sudo needs to permit sudo w/o a TTY.
The config file used is the same for each test, the individual config
files are made available under a particular name. Correct that advice.
Phil Pennock [Sun, 30 Jan 2011 05:21:20 +0000 (00:21 -0500)]
The test suite dislikes USE_READLINE.
There's a lot of copying of stdin to stdout when using readline for -be,
which breaks the test suite. The suite now runs well enough for me to
fix the stuff broken by the debugging changes I introduced.
Phil Pennock [Fri, 28 Jan 2011 00:08:45 +0000 (19:08 -0500)]
Pulled spamd_address-expanded caching fix.
Author: Wolfgang Breyha
Bugzilla: 935
Attachment: 378
(looks like it could do with a strcmp check at the end before the extra
string_copy, but that's a nicety and the author has presumably been
running with this).
Phil Pennock [Fri, 28 Jan 2011 00:07:05 +0000 (19:07 -0500)]
Permit make values to be indented or in env.
It appears some make(1)s are not complaining about variables defined
with leading whitespace on the line. Permit that where we can, for the
lookups, but it's not tenable for CFLAGS_DYNAMIC.
Some people are specifying knobs on the make command-line, so we get
them via the environment.
Tested: indented LOOKUP_CDB and commented out LOOKUP_DNSDB, supplying it
via { make LOOKUP_DNSDB=yes }. { exim -d --version } shows both are
built-in, no results from { fgrep DNSDB build-*/Makefile }.
Phil Pennock [Mon, 24 Jan 2011 21:40:38 +0000 (16:40 -0500)]
Bug-fix the xpg4 Solaris logic.
Should not code at 9am when still awake then.
Should sanity-review such code changes before submitting (after sleep).
Should s,/usr/xpg4/bin/sh,/bin/bash, as a convenient test to confirm
what I suspected. But should do so pre-submit.
Phil Pennock [Sun, 23 Jan 2011 10:41:55 +0000 (05:41 -0500)]
Loadable modules: fix debug invocations
The new code was calling DEBUG(<n>) for values of n including 4, 5, 9;
that was an Exim 3 API, we now use bits; -v sets bit 0x1, -bP implies
-v, so { exim -bP } was pulling up random debug messages.
Switched all the DEBUG checks to be DEBUG(D_lookup).
Phil Pennock [Sun, 23 Jan 2011 10:44:45 +0000 (05:44 -0500)]
Bug 1071: fix delivery logging with untrusted macros.
If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
Fixed. Reported by Andreas Metzler.